angelleye / PayPal IPN for WordPress / issues / #21 - SQL Statement needs $wpdb->prepare() added. — Bitbucket

Issue #21 closed

Drew Angell repo owner created an issue 2015-01-16

Looks like there's another SQL statement that we need to protect in the paypal_ipn_for_wordpress_exist_post_by_title() function.

$post_data = $wpdb->get_col("SELECT ID FROM wp_posts WHERE post_title = '{$ipn_txn_id}' AND post_type = 'paypal_ipn' ");

Need to protect this from SQL injection the way we did the other.

Comments (2)

Drew Angell reporter
- changed status to closed
- 2015-01-17T05:40:47+00:00
Drew Angell reporter
- removed milestone
Removing milestone: 1.0 (automated comment)
- 2015-02-08T08:27:57+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: minor

Status: closed

Version: –

Votes: 0

Watchers: 2